A perfect example of this prediction is how Blackhole Exploit Kit continuously attempts to circumvent the efforts done by the security industry. True enough, we recently received reports of a Blackhole Exploit Kit (BHEK) run that incorporated an exploit (detected by Trend Micro as JAVA_ARCAL.A) targeting the recently patched CVE-2013-0431. When users click the item number indicated in these messages, they are led to several redirecting sites until they arrive at the page hosting the encrypted BHEK code. In the testing we did, the BHEK code found certain versions of Adobe Reader, which prompted it to download and execute a malicious. This BHEK code also downloads and executes JAVA_ARCAL.A from a specific page after checking the Java version of the infected system. JAVA_ARCAL.A then downloads and executes TSPY_FAREIT.MEX by using command.exe in the PATH %user% in a specific URL. … At the end of the infection chain, this BHEK code will access the malicious page below to lead users into thinking that they’re just redirected to a seemingly non-malicious website.